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DETAILED ACTION 

1. This Office Action is a response to communications dated 03/04/05. Claims 32-92 
are pending in the application. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was knovm or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention ttiereof by the applicant for a patent. 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 32-42. 45-70 and 72 are rejected under 35 U.S.C. 102(b) as being 
anticipated by McAuley et al (Fast Routing Table Lookup Using CAMs, Bellcore, pages 
1-10, 1993) (hereinafter "McAuley"). 

Regarding claim 32, in accordance with McAuley reference entirety, McAuley 
discloses a method of processing a packet (Figure 3) comprising: 

configuring a plurality of access control specifiers {Table 2; address/mask pairs 

♦ 

and page 2, right column, last paragraph) in an access control element (Routing Table 
or CAM) according to a priority of a type of each access control specifier {Tables 5-6; 
Implicit priority associated with Address), wherein the type of an access control specifier 
corresponds to information (search pattern) in an access control entry (search word) 
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(page 6, right column, McAuley discloses logical CAM is used to store data and sets its 
mask value and each CAM has its own search pattern); 

matching one or more characteristics {Figure 3 and 201; 201-829 and 201-829- 
4484) of said packet with one or more access control specifiers {Figure 3; Masl<-3, 
Mas/c-6 and l\^ask-10); 

selecting a match corresponding to an access control specifier with a highest 
associated priority {Figure 3; Prioritizer and page 6, right column to page 7, left column, 
McAuley discloses the match Prioritizer automatically selects the best match); and 

processing said packet based on said selecting {Table 1; Address 201-829-xxxx 
corresponding to Next Hop Port B and page 7; left column, McAuley discloses prioritizer 
only enables one buffer to drive its signal onto the output bus. In other words, a match 
in this case would cause the received packet to be routed to port B). 

Regarding claim 33, in addition to features recited in claim 32 (see rationales 
discussed above), McAuley further discloses wherein said access control element is a 
content addressable memory {Figure 3; CAM-1-CAM-3). 

Regarding claim 34, in addition to features recited in claim 32 (see rationales 
discussed above), McAuley further discloses wherein said matching and said 
processing is done in parallel {Figure 3 and CAM-1-CAM-3 and page 7, left column, 
McAuley discloses packetAddress is used to search all the logical CAMs 
simultaneously). 

Regarding claim 35, in addition to features recited in claim 32 (see rationales 
discussed above), McAuley further discloses wherein said characteristics of said packet 
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comprises one or more of a source address, a destination address, a source port, a 
destination port, a protocol type, an input interface and an output interface (page 1. left 
column; Introduction, first paragraph). 

Regarding claim 36, in addition to features recited in claim 32 (see rationales 
discussed above). McAuley further discloses wherein said characteristics of said packet 
comprises data carried by said pacl<et in a packet header {Figure 3; 201-829-4484 or 
Table 1). 

Regarding claim 37, in addition to features recited in claim 32 (see rationales 
discussed above), McAuley further discloses receiving said packet {Figure 3; 201-829- 
4484 or page 1, right column, McAuley discloses routing table lookup function is 
executed every a packet arrives at a switch). 

Regarding claim 38, in addition to features recited in claim 32 (see rationales 
discussed above), McAuley further discloses identifying one or more of said access 
control specifiers based on said matching {Figure 3; Prioritizer (distinguish best match in 
multiple matches; page 7, left column). 

Regarding claim 39, in addition to features recited in claim 38 (see rationales 
discussed above), McAuley further discloses prioritizing said one or more of said access 
control specifiers Identified based on said matching to generate a set of prioritized 
access control specifiers {Figure 3; Prioritizer (distinguish best match in multiple 
matches; page 7, left column). 
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Regarding claim 40, in addition to features recited in claim 39 (see rationales 
discussed above), McAuley further discloses wherein said prioritizing is done in parallel 
by a priority encoder {Figure 3; Prioritizer and page 7, left column). 

Regarding claim 41 , in addition to features recited in claim 39 (see rationales 
discussed above), McAuley further discloses wherein said prioritizing (Figure 3; 
Prioritizer) is done based on an address of said access control specifiers (address/mask 
pairs) in said access control element {Figure 3; CAM-1. CAM-2 or CAM-3). 

Regarding claim 42, in addition to features recited in claim 39 (see rationales 
discussed above), McAuley further discloses wherein said processing is done based on 
said set of prioritized access control specifiers {Figure 3 and page 7, left column 
pertaining the result of port B by Prioritizer). 

Regarding claim 45, in addition to features recited in claim 32 (see rationales 
discussed above), McAuley further discloses if said packet requires forwarding, 
forwarding said packet {Figure 3; PORTB). 

Regarding claim 46, in accordance with McAuley reference entirety, McAuley 
discloses a system (Figure 3) for processing a packet {lookup) comprising: 

one or more access control specifiers, wherein said one or more access control 
specifiers are of one or more types of access control specifiers {Table 2; address/mask 
pairs and page 2, right column, last paragraph); and 

an access control element {Routing Table orCAf^, wherein said access control 
element is configured to store said one or more access control specifiers according to a 
priority of the type of each access control specifier {Implicit priority associated with 
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address is depicted in Tables 5&5 on page 7 and described through the McAuley 
reference): and 

match one or more characteristics of said pacl^et with one or more access control 
specifiers (page 7, te^ column, second paragraph); and 

a priority encoder coupled to said access control element {Figure 3 depicted 
Prioritizer coupled to CAM), wherein said priority encoder is configured to select a 
highest priority match based on the priority of the types of access control specifiers 
{Prioritizer distinguisties the best match is disclosed on page 7, left column, second 
paragraph and thereinafter). 

Regarding claim 47, in addition to features recited in claim 46 (see rationales 
discussed above), McAuley further discloses wherein said priority encoder is further 
configured to prioritize said one or more access control specifiers according to an 
address of said one or more access control specifiers In said access control element 
{Figure 3; Prioritizer and description on page 7, left column, second paragraph and 
thereinafter). 

Regarding claim 48, in addition to features recited in claim 46 (see rationales 
discussed above), McAuley further discloses a compare unit (mask-3; mask-6 or mask- 
10) coupled to said access control element (CAM), wherein said compare unit is 
configured to compare (Figure 3; AND gates) said one or more characteristics of said 
packet {201; 201-829; or 201-829-4484) or (packet header) with one or more values 
{Figure 3; MASK CIRCUIT and Table 2; Masks (hex.)). 
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Regarding claim 49, in addition to features recited in claim 48 (see rationales 
discussed above). McAuley further discloses wherein said one or more values are 
predetermined (Table 3; Masks (hex.)). 

Regarding claim 50, In addition to features recited in claim 48 (see rationales 
discussed above), McAuley further discloses wherein said one or more values are 
dynamically determined (Table 3; Masks (hex.)). 

Regarding claim 51, In addition to features recited in claim 48 (see rationales 
discussed above), McAuley further discloses wherein said compare unit is further 
configured to perform arithmetic operation on data carried by said packet In a packet 
header (Figure 3; MASK CIRCUIT) 

Regarding claim 52, In addition to features recited In claim 48 (see rationales 
discussed above), McAuley further discloses wherein said compare unit is further 
configured to perfomi logical operation on said data carried by said packet in said 
packet header (Figure 3; MASK CIRCUIT) 

Regarding claim 53, in addition to features recited in claim 46 (see rationales 
discussed above), McAuley further discloses wherein said access control element 
further comprising: an access control memory (Figure 3; CAM-1 , CAM-2 or CAM-3). 

Regarding claim 54, in addition to features recited in claim 53 (see rationales 
discussed above), McAuley further discloses wherein said access control memory is a 
content-addressable memory (Figure 3; CAM-1, CAM-2 or CAM-3). 

Regarding claim 55, in addition to features recited in claim 53 (see rationales 
discussed above), McAuley further discloses wherein said access control memory 
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(Routing Table or CAM) stores at least one of said access control specifier 
{address/mask pairs or Table 2). 

Regarding claim 56, in addition to features recited in claim 53 (see rationales 
discussed above), McAuley further discloses wherein said access control specifier 
(address/mask pairs or Table 2) further comprising: 

a label match mask configured to determine whether a first corresponding bit of 
said one or more characteristics of said packet is tested (Figure 3; mask-3, mask-6 or 
mask-10); and 

a label match pattern, wherein said label match pattern is compared with a 
second corresponding bit of said one or more characteristics of said packet (Figure 3; 3- 
digit matches Table, 6-digit matches Table or 10-digit matches Table). 

Regarding claim 57, in addition to features recited in claim 46 (see rationales 
discussed above), McAuley further discloses a processor, coupled to said access 
control element, said processor is configured to process said packet when said packet 
is not processed by said access control element {not shown; inherent to have 
processing mechanism in a switch). 

Regarding claim 58, in addition to features recited in claim 46 (see rationales 
discussed above), McAuley further discloses at least one input port coupled to said 
access control element, wherein said input port is configured to receive said packet 
(Figure 3; input port depicted as input of 201-829-4484)] and 
at least one output port (Figure 3; output port depicted as Port B) coupled to said 
access control element, wherein said packet is fonvarded via said output port (not 
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shown; inherent as part of Figure 3 in order to receive and route paciieX as merely 
discloses In the Introduction "central function of [a switch] is to route a call or packet to 
appropriate destination"). 

Regarding claim 59. in accordance witli McAuley reference entirety. McAuley 
discloses a system {Figure 3 and description on page 6, right column, last paragraph to 
page 7, left column, first four paragraphs) for processing a pacl<et comprising: 

means for configuring a plurality of access control specifiers (Table 2; 
address/mask pairs) in an access control element {routing table or CAM) according to a 
priority of a type {Tables 5-6; Implicit priority) of each access control specifier, wherein 
the type of an access control specifier corresponds to information in an access control 
entry {Address); 

means for matching {Figure 3; CAM-3, CAM-6 or CAM-10) one or more 
characteristics of said packet (Figure 3; 201 . 201-829 and 201-829-4484) with one or 
more of the access control specifiers {Table 2; address/mask pairs); and 

means for selecting {Figure 3; prioritizer) a match con^esponding to an access 
control specifier with a highest associated priority {best match); and 

means for processing said packet {not shown; inherently there is a processor or 
circuitry to process/append/encapsulate a packet with newly founded address after 
lookup process. See page 1, left column, last paragraph) based on said matching {drive 
signal indicating port B). 
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Regarding claim 60, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses wherein said access control element is a 
content addressable memory (Figure 3; CAM-1 or CAM-2 or CAM-3). 

Regarding claim 61, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses wherein said matching and said 
processing is done in parallel (Figure 3; CAIVI-I or CAM-2 or CAM-3). 

Regarding claim 62, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses wherein said characteristics of said packet 
comprises one or more of a source address, a destination address, a source port, a 
destination port, a protocol type, an input interface and an output interface (page 7, left 
column; port B). 

Regarding claim 63, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses wherein said characteristics of said packet 
comprises data carried by said packet in a packet header (page 7, left column). 
Regarding claim 64, in addition to features recited in claim 59 (see rationales discussed 
above), McAuley further discloses means for receiving said packet (not shown; inherent 
as part of Figure 3 in order to receive and route packet). 

Regarding claim 65, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses means for identifying one or more of said 
access control specifiei^ based on said matching (Figure 3; prioritizer). 

Regarding claim 66, in addition to features recited in claim 64 (see rationales 
discussed above), McAuley further discloses means for prioritizing said one or more of 
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said access control specifiers identified based on said matching to generate a set of 
prioritized access control specifiers {Figure 3; prioritizer). 

Regarding claim 67, in addition to features recited in claim 66 (see rationales 
discussed above), McAuley further discloses wherein said prioritizing is done in parallel 
by a priority encoder {Figure 3; prioritizer). 

Regarding claim 68, in addition to features recited in claim 66 (see rationales 
discussed above), McAuley further discloses wherein said prioritizing is done based on 
an address of said access control specifiers in said access control element {Figure 3; 
prioritizer). 

Regarding claim 69, in addition to features recited in claim 66 (see rationales 
discussed above), McAuley further discloses wherein said processing is done based on 
said set of prioritized access control specifiers {Figure 3; prioritizer). 

Regarding claim 70, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses wherein said processing further 
comprising: means for fonA^arding said packet to said higher-level processor if said 
packet requires processing by a higher-level processor {not sliown; inherent to have 
processing mechanism in a switch). 

Regarding claim 72, in addition to features recited in claim 59 (see rationales 
discussed above), McAuley further discloses means for forwarding said packet if said 
packet requires fonvarding {Figure 3; port 8). 

Regarding claim 91, in addition to features recited in base claim 32 (see 
rationales discussed above), McAuley further discloses wherein said one or more 



Application/Control Number: 10/087,342 Page 12 

Art Unit: 2666 

access control specifiers include a label match mask {Figure 3; Mask'3, Mask-6 or 
Mask'10) and a label match patter {Figure 3; 201, 201-829 or 201-820-4484). 

Regarding claim 92, in addition to features recited in base claim 46 (see 
rationales discussed above), McAuley further discloses wherein said one or more 
access control specifiers include a label match mask {Figure 3; Mask-3, Mask-6 or 
Mask-10) and a label match patter {Figure 3; 201, 201-829 or 201-820-4484). 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 

the claims under 35 U.S.C. 103(a). the examiner presumes that the subject matter of 

the various claims was commonly owned at the time any inventions covered therein 

were made absent any evidence to the contrary. Applicant is advised of the obligation 

under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 

not commonly owned at the time a later invention was made in order for the examiner to 

consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 

prior art under 35 U.S.C. 103(a). 
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3. Claims 43-44. 71 and 90-91 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McAuley in view of Wilford et al (USP 5,509.006) (hereinafter 
^Wilford"). 

Regarding claims 43-44. in addition to features recited in base claim 32 (see 
rationales discussed above), McAuley fails to further disclose an access control list 
telling a switch to perform certain actions (i.e.. permit access, deny access or limit 
access, etc..) on a received packet. However, such limitation lacks thereof from 
McAuley reference is well known and disclosed by Wilford. 

In accordance with Wilford reference entirety. Wilford discloses a packet switch 
comprising, among other things, an access control list {FIG. 7C and coL 16, lines 7-49) 
for determining fonA^arding permission for the packet to provide the switch with a way to 
control network access base on source and destination of the packet (co/. 16, lines 8- 
10. At col. 16, lines 46-49, Wilford also discloses the access control list may be 
converted into the tree memory 308 similarly to routing tables). Wilford's permissions 
do not explicitly specify further processing the packet by another processor or dropping 
the packet. However, it is contemplated by a skill artisan such action can easily 
implement in Wilford's access control list using a software or some extra coding 
instruction. 

It would have been obvious to those skilled in the art at the time of the invention 
was made to implement Wilford's access control list into McAule/s method by 
converting the access control list into routing tables to arrive the claimed invention with 
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a motivation to provide the switch with a way to control network access base on source 
and destination of the packet {coL 16, lines 8-10). 

Regarding claim 71, in addition to features recited in base claim 59 (see 
rationales discussed above), McAuley fails to further disclose an access control list 
telling a switch to perform certain actions (i.e., permit access, deny access or limit 
access, etc..) on a received packet. However, such limitation lacks thereof from 
McAuley reference is well known and disclosed by Wilford. 

In accordance with Wilford reference entirety, Wilford discloses a packet switch 
comprising, among other things, an access control list {FIG. 7C and col. 16, lines 7-49) 
for determining forwarding permission for the packet to provide the switch with a way to 
control network access base on source and destination of the packet {col. 16, lines 8- 
10. At col. 16, lines 46-49, Wilford also discloses the access control list may be 
converted into the tree memory 308 similarly to routing tables). Wilford's permissions 
do not explicitly specify dropping the packet. However, it is contemplated by a skill 
artisan such action can easily implement in Wilford's access control list using a software 
or some extra coding instruction. 

It would have been obvious to those skilled in the art at the time of the invention 
was made to implement Wilford's access control list into McAule/s method by 
converting the access control list into routing tables to arrive the claimed invention with 
a motivation to provide the switch with a way to control network access base on source 
and destination of the packet {col. 16, lines 8-10). 
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Regarding claim 90, in accordance witli l\^cAuley reference entirety, l\^cAuley 
discloses a method of processing a pacl<et {packet lookup; page 1, left column, 
Introduction) comprising: selecting an output interface to which to forward the packet 
{page 1; Introduction, McAuley discloses a function of a switch is to search a routing 
table for the information needed to route a packet to an appropriated output port or page 
7, left column, McAuley discloses prioritizer enables one buffer to drive its signal onto 
the output bus or indication of port B is selected); detemiining associated information for 
routing the packet {page 1; Introduction or page 7, left column pertaining simultaneously 
search all logical CAMs), wherein the determine comprises matching one or more 
characteristics {Figure 3 and 201; 201-829 and 201-829-4484) of said packet with one 
or more access control specifiers {Figure 3; Mask-3, Mask-6 and Mask-10) in at least 
one access control element (Figure 3; CAM); processing said packet based on said 
associated information {page 2, right column, last paragraph; associated infomiation 
gets return as a result of lookup), wherein selecting step is perfomied in parallel with the 
detemiining step {Figure 3 and CAM-1-CAM-3 and page 7, left column, McAuley 
discloses packetAddress is used to search all the logical CAMs simultaneously). 
McAuley fails to implicitly disclose detemiining forwarding pemnission for the packet. 
However, such limitation lacks thereof from McAuley reference is well known and 
disclosed by Wilford. 

In accordance with Wilford reference entirety, Wilford discloses a packet switch 
comprising, among other things, an access control list (FIG. 7C and col. 16, lines 7-49) 
for detemiining forwarding pemfiission for the packet to provide the switch with a way to 
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control network access base on source and destination of the packet {col. 16, lines 8- 
10. At col. 16, lines 46-49, Wilford also discloses the access control list may be 
converted into the tree memory 308 similarly to routing tables). 

It would have been obvious to those skilled in the art at the time of the invention 
was made to implement Wilford's access control list Into McAule/s method by 
converting the access control list into routing tables to arrive the claimed invention with 
a motivation to provide the switch with a way to control network access base on source 
and destination of the packet {col. 16, lines 8-10). 

Allowable Subject Matter 

4. Claims 73-89 are allowed. 

5. The following is a statement of reasons for the indication of allowable subject 
matter: The prior art of record, considered individually or in combination, fails to fairly 
show or suggest the claimed system comprising, among other limitations, the novel and 
unobvious limitations of "means for matching matchable information, said matchable 
information being responsive to said packet label, with said set of access control 
patterns in parallel; means for generating a set of matches in response thereto, each 
said match having priority infonvation associated therewith", structurally and functionally 
interconnected with other limitations in a manner as recited in claims 73-89, . 
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Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Doeringer et al, Routing on Longest-Matching Prefixes, IEEE, pages 86-97,1996. 
Shaffer, Designing Very Large Content-Addressable Memories, University of 
Pennsylvania, pages 1-38, 1992. 

Molitor, Architecture for Advanced Packet Filtering, USENIX UNIX Security 
Symposium, pages 1-13, 1995. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Frank Duong whose telephone number is 571-272- 
3164. The examiner can normally be reached on 7:00AM-3:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Seema S. Rao can be reached on 571-272-3174. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infonnation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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